Gecko vs Goanna for Thunderbird Independence

Gervase Markham gerv at
Mon Apr 17 14:03:13 UTC 2017

On 13/04/17 23:11, Ben Bucksch wrote:
> there were no less than 250 known critical *1 security holes and 600
> memory corruption bugs that might be exploitable. One critical security
> is already a very serious risk.

How many of those are exploitable if JS is switched off?

I am not saying the cost of forking is zero but we need to acknowledge
that Thunderbird exposes a much-reduced attack surface compared to a web


More information about the tb-planning mailing list